EventID 1202: Security Policies are propagated with warning 0x534

My remote users could not log in to the terminal server anymore; they received an error on the RPC server.

After some digging I found that:
Server Management > Advanced Management > Group Policy Management > .... > Group Policy Objects > Small Business Services Auditing Policy
Was set to: User Configuration Settings Disabled.
When I switched it to enabled they were able to login again.
I don't know if this setting was changed by someone, or maybe it needs to be on "User Configuration Settings Disabled".
By changing it to enabled did I compromise security? What could have caused this to happen in the first place?

I realize more information is needed to diagnose, just let me know what is needed and I will post. Thanks!
Asked by: dutch7773

Jeffrey Kane - TechSoEasy, Principal Consultant, commented:
Your "fix" is interesting, because it probably does prevent the error which was blocking user logons... however it is probably the wrong way to fix this problem.  User settings are supposed to be disabled by default... (and there aren't any settings under User Settings by default).

Since you didn't say which version of SBS you have, I'm assuming that it's SBS 2003 since that GPO went away in later versions.

Please look at the GPO's Scope Tab and Delegation Tab and make sure that there aren't any accounts listed which only show a SID (i.e., the account was removed or disabled).  If there are any of those listed, remove them from the GPO's settings.

To answer your basic question, modifying this GPO does not at all compromise security of your network, and in fact, you could actually disable the GPO entirely.

The GPO merely collects data which is used in SBS 2003's monitoring reports.

Jeff
TechSoEasy

dutch7773 (Author) commented:
Thank you for your answer. Meanwhile I found a username that was misspelled and I removed it. The strange thing is that this user name was added by the previous management company, so it must have been there for quite a while (over a year) and never did any harm. So why did SBS2003 all of a sudden stumble over this misspelled username now? Strange deal.
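
An added example, not part of the original thread: warning 0x534 is Win32 error 1332 (ERROR_NONE_MAPPED), logged when a policy names an account that cannot be mapped to a SID. The code below assumes the stale name sits in the `[Privilege Rights]` section of a GPO security template (GptTmpl.inf), which the thread does not state; the template text, the account names and the `unresolved_accounts` helper are constructed for illustration.

```python
import re

# Entries written as "*S-1-..." are literal SIDs and need no name lookup.
SID_RE = re.compile(r"^\*S-1-\d+(-\d+)+$")

def unresolved_accounts(template_text, known_accounts):
    """Return (privilege, account) pairs from [Privilege Rights] whose
    account name is not in known_accounts (candidates for 0x534)."""
    known = {a.lower() for a in known_accounts}
    findings, section = [], None
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        privilege, _, value = line.partition("=")
        for member in (m.strip() for m in value.split(",")):
            if not member or SID_RE.match(member):
                continue
            # Compare on the account part only, ignoring a DOMAIN\ prefix.
            if member.split("\\")[-1].lower() not in known:
                findings.append((privilege.strip(), member))
    return findings

# Constructed sample template; a real GptTmpl.inf is normally UTF-16 encoded,
# so open it with encoding="utf-16" before passing its text in.
SAMPLE_TEMPLATE = r"""
[Unicode]
Unicode=yes
[Privilege Rights]
; the second account name is deliberately misspelled
SeRemoteInteractiveLogonRight = *S-1-5-32-544,EXAMPLE\jsmith,EXAMPLE\jsmtih
SeBackupPrivilege = *S-1-5-32-551
SeTcbPrivilege =
"""

# Constructed list of accounts that actually exist in the directory.
KNOWN = {"jsmith", "Administrators"}

if __name__ == "__main__":
    for privilege, account in unresolved_accounts(SAMPLE_TEMPLATE, KNOWN):
        print(f"{privilege}: '{account}' has no matching account")
```
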